Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Grafana GitHub Breach from npm Attack Exposes Code

Grafana GitHub Breach from npm Attack Exposes Code

Posted on May 20, 2026 By CWS

Grafana Labs Breach Overview

Grafana Labs recently disclosed a security breach related to its GitHub environment, revealing that no customer production systems were affected. The incident, reported on May 19, 2026, was confined to their GitHub repositories, which include both public and private source code.

Details of the Security Incident

The breach affected repositories used by Grafana Labs teams for collaboration and storing internal information. This included business contact names and email addresses, but not data from production systems or the Grafana Cloud platform.

The origin of the breach was attributed to a TanStack npm supply chain attack executed by TeamPCP. This group has previously targeted other organizations, including OpenAI and Mistral AI, with the attack activity first detected by Grafana on May 11, 2026.

Response and Mitigation Measures

Grafana responded by rotating a significant number of GitHub workflow tokens. However, a missed token allowed unauthorized access to their repositories. A subsequent review revealed that a GitHub workflow, initially thought to be unaffected, had been compromised.

On May 16, 2026, Grafana received an extortion demand from an unidentified threat actor. The company chose not to comply, citing the uncertainty of data deletion and potential encouragement of further attacks.

Security Enhancements and Future Outlook

In response, Grafana has enhanced its security measures by rotating automation tokens, improving monitoring, auditing commits for malicious activities, and strengthening its GitHub security framework.

Interestingly, a group known as CoinbaseCartel listed Grafana on its dark web site on May 15, 2026. Meanwhile, GitHub is investigating unauthorized access to its internal repositories, a situation linked to the notorious TeamPCP, which has allegedly put the platform’s source code for sale on a cybercrime forum.

This breach highlights the ongoing threats faced by organizations and the importance of robust cybersecurity practices. Grafana’s proactive measures serve as a crucial step in safeguarding against future incidents.

The Hacker News Tags:cloud security, CoinbaseCartel, Cybersecurity, data breach, Extortion, GitHub, Grafana, NPM, source code, supply chain attack, TeamPCP

Post navigation

Previous Post: GitHub Security Breach: Internal Repositories Compromised
Next Post: New PoC Exploit for Old PostgreSQL Vulnerability

Related Posts

AI Agents and Cyber Threats: Latest Security Concerns AI Agents and Cyber Threats: Latest Security Concerns The Hacker News
Update Your cPanel Server to Fix Critical Vulnerability Update Your cPanel Server to Fix Critical Vulnerability The Hacker News
AI-Driven Cyber Attacks Surge in 2025 AI-Driven Cyber Attacks Surge in 2025 The Hacker News
Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters The Hacker News
Google Fixes Chrome 0-Days, AWS Breach, AI Security Risks Google Fixes Chrome 0-Days, AWS Breach, AI Security Risks The Hacker News
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark